Abstract
We consider a novel security requirement of encryption schemes that we call “key-privacy” or “anonymity”. It asks that an eavesdropper in possession of a ciphertext not be able to tell which specific key, out of a set of known public keys, is the one under which the ciphertext was created, meaning the receiver is anonymous from the point of view of the adversary. We investigate the anonymity of known encryption schemes. We prove that the El Gamal scheme provides anonymity under chosen-plaintext attack assuming the Decision Diffie-Hellman problem is hard and that the Cramer-Shoup scheme provides anonymity under chosen-ciphertext attack under the same assumption. We also consider anonymity for trapdoor permutations. Known attacks indicate that the RSA trapdoor permutation is not anonymous and neither are the standard encryption schemes based on it. We provide a variant of RSA-OAEP that provides anonymity in the random oracle model assuming RSA is one-way. We also give constructions of anonymous trapdoor permutations, assuming RSA is one-way, which yield anonymous encryption schemes in the standard model.
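The key-privacy (IK-CPA) game described in the abstract, as an added illustration that is not from the paper: a toy Python harness in which a distinguisher uses only the size of a ciphertext to tell two textbook RSA keys apart (the failure the abstract's "known attacks" refer to), beside a rejection-sampled variant whose ciphertext range no longer depends on the modulus. The rejection-sampling variant is a reconstruction in the spirit of the paper's RSA-OAEP variant rather than its exact scheme, and every prime, parameter and the padding below is constructed for illustration only.

```python
import secrets
# Constructed toy parameters so the demo runs instantly (real RSA uses ~1024-bit primes).
# Every prime is 2 mod 3, so E = 3 is coprime to phi(N) and x -> x^3 mod N is a permutation;
# two-prime products span 5893..59989, so a ciphertext's size can betray its modulus.
PRIMES = [71, 83, 89, 101, 107, 113, 131, 137, 149, 167, 173,
          179, 191, 197, 227, 233, 239, 251]
E = 3
MSG_BITS, RAND_BITS = 4, 8   # padded value x = r || m is below 2^12 < every modulus
BOUND = 1 << 12              # the anonymous variant forces ciphertexts into [0, BOUND)
_rng = secrets.SystemRandom()

def keygen():
    p, q = _rng.sample(PRIMES, 2)
    return p * q, pow(E, -1, (p - 1) * (q - 1))   # (public modulus, private exponent)

def enc_textbook(n, m):
    # Toy randomized padding standing in for OAEP: fresh random bits above the message.
    x = (_rng.randrange(1 << RAND_BITS) << MSG_BITS) | m
    return pow(x, E, n)

def enc_anonymous(n, m):
    # Re-encrypt with fresh randomness until the ciphertext lies below BOUND, which no
    # modulus is smaller than, so the ciphertext range no longer depends on n. (A
    # reconstruction in the spirit of the paper's RSA-OAEP variant, not its exact scheme.)
    while True:
        c = enc_textbook(n, m)
        if c < BOUND:
            return c

def decrypt(n, d, c):
    return pow(c, d, n) & ((1 << MSG_BITS) - 1)

def range_adversary(n0, n1, c):
    # A ciphertext is always below its own modulus, so c >= n_i rules key i out.
    if c >= n0:
        return 1
    if c >= n1:
        return 0
    return _rng.randrange(2)   # nothing to go on: guess

def ik_cpa_success_rate(encrypt, adversary=range_adversary, trials=4000, m=0b1010):
    # The key-privacy (IK-CPA) game: two public keys, a ciphertext under one of them
    # picked at random, and the adversary must say which; 0.5 means no advantage.
    wins = 0
    for _ in range(trials):
        (n0, _), (n1, _) = keygen(), keygen()
        b = _rng.randrange(2)
        wins += adversary(n0, n1, encrypt((n0, n1)[b], m)) == b
    return wins / trials
```

Running `ik_cpa_success_rate(enc_textbook)` lands well above 0.5 while `ik_cpa_success_rate(enc_anonymous)` stays at about 0.5, and `decrypt` still recovers the message from the bounded ciphertexts.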
© 2001 Springer-Verlag Berlin Heidelberg
Bellare, M., Boldyreva, A., Desai, A., Pointcheval, D. (2001). Key-Privacy in Public-Key Encryption. In: Boyd, C. (eds) Advances in Cryptology — ASIACRYPT 2001. ASIACRYPT 2001. Lecture Notes in Computer Science, vol 2248. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-45682-1_33
DOI: https://doi.org/10.1007/3-540-45682-1_33
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-42987-6
Online ISBN: 978-3-540-45682-7